rpm package
suse/libgit2&distro=SUSE Manager Server 3.1
pkg:rpm/suse/libgit2&distro=SUSE%20Manager%20Server%203.1
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-19456 | — | < 0.24.1-7.9.1 | 0.24.1-7.9.1 | May 7, 2019 | The WP Backup+ (aka WPbackupplus) plugin through 2018-11-22 for WordPress allows remote attackers to obtain sensitive information from server folders and files, as demonstrated by download.sql. | ||
| CVE-2018-15501 | — | < 0.24.1-7.6.1 | 0.24.1-7.6.1 | Aug 18, 2018 | In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol "ng" packet that lacks a '\0' byte to trigger an out-of-bounds read that leads to DoS. | ||
| CVE-2018-10888 | — | < 0.24.1-7.6.1 | 0.24.1-7.6.1 | Jul 10, 2018 | A flaw was found in libgit2 before version 0.27.3. A missing check in git_delta_apply function in delta.c file, may lead to an out-of-bound read while reading a binary delta file. An attacker may use this flaw to cause a Denial of Service. | ||
| CVE-2018-10887 | — | < 0.24.1-7.6.1 | 0.24.1-7.6.1 | Jul 10, 2018 | A flaw was found in libgit2 before version 0.27.3. It has been discovered that an unexpected sign extension in git_delta_apply function in delta.c file may lead to an integer overflow which in turn leads to an out of bound read, allowing to read before the base object. An attacke | ||
| CVE-2018-11235 | — | < 0.24.1-7.6.1 | 0.24.1-7.6.1 | May 30, 2018 | In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-subm | ||
| CVE-2018-8099 | — | < 0.24.1-7.6.1 | 0.24.1-7.6.1 | Mar 14, 2018 | Incorrect returning of an error code in the index.c:read_entry() function leads to a double free in libgit2 before v0.26.2, which allows an attacker to cause a denial of service via a crafted repository index file. |
- CVE-2018-19456May 7, 2019affected < 0.24.1-7.9.1fixed 0.24.1-7.9.1
The WP Backup+ (aka WPbackupplus) plugin through 2018-11-22 for WordPress allows remote attackers to obtain sensitive information from server folders and files, as demonstrated by download.sql.
- CVE-2018-15501Aug 18, 2018affected < 0.24.1-7.6.1fixed 0.24.1-7.6.1
In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol "ng" packet that lacks a '\0' byte to trigger an out-of-bounds read that leads to DoS.
- CVE-2018-10888Jul 10, 2018affected < 0.24.1-7.6.1fixed 0.24.1-7.6.1
A flaw was found in libgit2 before version 0.27.3. A missing check in git_delta_apply function in delta.c file, may lead to an out-of-bound read while reading a binary delta file. An attacker may use this flaw to cause a Denial of Service.
- CVE-2018-10887Jul 10, 2018affected < 0.24.1-7.6.1fixed 0.24.1-7.6.1
A flaw was found in libgit2 before version 0.27.3. It has been discovered that an unexpected sign extension in git_delta_apply function in delta.c file may lead to an integer overflow which in turn leads to an out of bound read, allowing to read before the base object. An attacke
- CVE-2018-11235May 30, 2018affected < 0.24.1-7.6.1fixed 0.24.1-7.6.1
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-subm
- CVE-2018-8099Mar 14, 2018affected < 0.24.1-7.6.1fixed 0.24.1-7.6.1
Incorrect returning of an error code in the index.c:read_entry() function leads to a double free in libgit2 before v0.26.2, which allows an attacker to cause a denial of service via a crafted repository index file.